If you are reading this, you are almost certainly doing so without realizing you could be leaving the door open to hackers. New research has revealed that an astonishing 86% of broadband users have little idea about cybersecurity, or at least the security of the device they use to connect to the internet. That’s the number of people who have never changed their broadband router admin password from the factory default, and that’s a grave concern, security experts have warned. Here’s why and what you need to do about it right now.
Broadband Genie Router Security Survey Discloses Critical Security Lapse
The latest router security survey carried out on behalf of Broadband Genie has provided a chilling insight into the security habits of internet users. Or should that be insecurity habits? To compare how router security attitudes had changed when compared to the previous two surveys, completed in 2018 and 2022, the survey polled more than 3,000 users., asking identical questions as in previous years.
The headline statistics to be pulled from the report are that 52% of users had never delved into their router settings to configure the device differently from the factory default state in any way. An astonishing 86%, however, admitted to never having changed the factory set administrator password default either. These figures show an increase from earlier survey results, showing that cybersecurity awareness would appear to be decreasing among the general router-using population.
This is staggeringly depressing for someone like me who spends a large part of his working life trying to convey the basics of security hygiene to a non-technical audience. I have failed, that much is clear, as changing your router’s default admin password should be the first thing you do upon powering the device up.
“Leaving the password as the default is the easiest way for someone to gain access to your router and, therefore, your network and connected devices,” Alex Toft, Broadband Genie’s resident broadband expert, warned. “It’s an open invitation to nefarious characters to snoop around and take what’s yours.” If you choose a suitably strong password, there’s no need to change it again unless it has been compromised.
The change it now advice is less urgent if your router is a newer model that at least comes with a unique admin password rather than a standard default that is the same for all users. If this password is too short or easily guessable, however, then it still makes sense to delve into the admin settings and change it, in my never humble opinion. The survey revealed equally poor results when it came to chasing the Wi-Fi password, something that 72% of users said they never do. Although there is an argument to be made that, for most people, most of the time, this is not a huge security issue, it remains something I always recommend doing as it’s good practice anyway. “Similar to the router admin password, default Wi-Fi passwords are well known,” Toft said, “and it would take seconds for a knowledgeable hacker to gain access.”
Passwords Are Not The Only Low-Hanging Security Fruit
Almost nine out of ten (89%) of those asked also said that they never updated their router firmware. In many ways, this is the most shocking revelation from a security perspective. Once again, it’s a (very) slight increase in the number from the 2022 survey, which suggests the security message isn’t being heard loudly enough. “Failing to update can leave routers vulnerable,” Toft warned, “which is why this result isn’t the one we wanted to see.” Of course, trying to update router firmware can be something of a Herculean task for most users, although newer routers are making it easier with some implementing automatic updates.
“Cybercriminals take advantage of bugs and vulnerabilities in firmware, to gain access to your online information,” Oliver Devane, a senior security researcher at McAfee, said, “keeping the firmware up to date with the latest security patches will prevent this from happening.”
Actions All Broadband Router Users Need To Take Now
Broadband Genie researchers recommend that all internet router users should do the following, using the vendor provided instructions (a search of your router model or broadband provider on Google will usually come up trumps) or reaching out to your internet service provider if necessary:
- Disconnect your internet and perform a full factory reset of the router.
- Change your router admin password, Wi-Fi password and network name to something unique immediately.
